CVE-2018-16153
moderate-risk
Published 2023-12-12
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
Do I need to act?
-
0.23% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (8)
Release Notes
https://docs.opencast.org/r/10.x/admin/#changelog
Third Party Advisory
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
Release Notes
https://www.apereo.org/projects/opencast/news
Release Notes
https://docs.opencast.org/r/10.x/admin/#changelog
Third Party Advisory
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
Release Notes
https://www.apereo.org/projects/opencast/news
32
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal